Cloud Security and Compliance

We provide a premium level of security on all accounts, regardless of size.

In the spirit of openness and transparency, here are some of the security measures we take to protect and defend your personal information.

Security in numbers

  • Data breaches since 1995: 0. We strive to maintain this level.
  • Average time to fix a security vulnerability after disclosure: 24 hours. This is achieved through automation of all patching systems.
  • Average time for a server to be exchanged for a new one: 7 days. This decreases our attack vector enormously.

Culture and awareness in an agile environment

  • All our employees are trained via personal security courses.
  • All our employees must read and understood our information security policy, which requires high standards.
  • All our employees work in teams consisting of appropriate roles to develop new features quickly and securely.
  • Each employees uses strong and unique passwords generated through a password manager.
  • All employee disks are encrypted via 256-bit AES.
  • Screens are locked automatically when not in use.
  • We make use of the least privilege principle to ensure our employees can only access data they need for there daily work.
  • An offboarding process is started as soon as an employee leaves the company.
  • All access credentials are rotated immediately after offboarding. The same applies to responsibility changes in the company.
  • All access to admin functionailities is restricted to a small subset of InVision AG staff.
  • Access is secured by encrypted IPSec Tunnel / VPN / IP address whitelist.
  • Every employee has a strictly defined role which defines their core capability and access rights e.g. software developer.

Software written with security at its core

  • Our software is written in a test-driven development.
  • Our software uses the latest security technologies.
  • Our software is automatically scanned for vulnerability after every change.
  • We use code reviews for all changes in our software. This procedure is documented internally and secured by technical barriers.
  • We use test driven development, continuous integration / delivery to ensure our software is built and run securely.
  • Strong collaboration between software developers and IT operations to create fast and secure environments.
  • Software is only installed from trusted software providers.
  • Automatic vulnerability scanning is used to automatically test the software and infrastructure on a regular basis.
  • Upgrades are deployed in phases and rigorously tested before being deployed to production systems.
  • Persistent data is stored on high available database clusters. All data at rest, in transit, and associated keys are encrypted using the industry-standard AES-256 algorithm.
  • Data integrity is enforced in the database systems by a series of integrity constraints and rules.

Operational Security in the cloud

  • All customer data is encrypted at rest.
  • All customer data is encrypted in transit.
  • All customer data can easily be restored.
  • Database access is only possible for a small subset of employees. Currently four employees.
  • Operations team with on-call duty which ensures a fast resolve time even after incidents.
  • Automation of security patches to ensure there are not subject to any known vulnerabilities or other risks.
  • Data can be restored using point in time recovery for the last 14 days.
  • Security patches are applied in 72h.
  • We use stateful firewalls at hypervisor level.
  • We use IPSec for trusted connections between sites.
  • The exchange of data is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).
  • All database systems are highly available.
  • Data can be restored using point in time recovery for the last 14 days.
  • Software and data can be fully restored within 24 hours.
  • Immutable infrastructure to ensure systems are easy to exchange.
  • We use Network separation between different environments.
  • Centralized access logging which allows to find and solve issues faster.
  • This includes the Operations team who are on-call to ensure fast resolution of incidents.
  • Restrict access to instances from limited IP ranges using Security Groups.
  • Passwords must have at least six characters.
  • Passwords must use at least three of the four available character types: lowercase letters, uppercase letters, numbers, and symbols.
  • Passwords in the password databases are encrypted (bcrypt). This encryption can not be reversed.

Still got questions about our security features?

Contact us and ask for our security specialists. They love to talk about the features we implemented to make injixo a system you can trust.